New Features and Vulnerability tests
- Introduced a system to automatically avoid testing similar pages
- New check for Oracle WebLogic WLS-WSAT Component Deserialization RCE affecting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0 (CVE-2017-10271)
- New check for PHPUnit RCE affecting versions 4.8.28 and 5.x before 5.6.3 (CVE-2017-9841)
- New check for Edge Side Include Injection vulnerabilities
- New check for Dotenv (.env and variants) files
- New check for Joe Text Editor DEADJOE file
- New check for Symfony configuration file
- New check for Laravel (PHP framework) log files
- New check for publicly accessible backup directory in Drupal Backup Migrate
Updates
- Updated timeout and retries for HTTP requests made by some vulnerability checks
- Updated Web Application Detection checks to make fewer HTTP requests, resulting in faster scans
- Various minor updates to the UI
- Improved parsing of robots.txt
- Improved detection of default index files
- Acunetix now shows the number of licensed Targets in the License section of the UI
Fixes
- Some addresses were not parsed correctly, resulting in incorrect paths
- Some addresses were not detected, resulting in missing paths
- Some paths were being detected incorrectly
- Scanner crash when allowed hosts are used
- Scanner crash when parsing some pages
- Scanner hang when crawling caused by DeepScan
- No links parsed from pages without Content-Type header
- Some vulnerability checks duplicated the query values
- Sitemap was always being detected
- Fixed validation issues in Security Settings > Account Lockout > Lockout timeout
- License checks were failing for some installations